I wonder why ssh agent forwarding does not work in cron jobs. I have a simple script such as:
ssh -A remote_host "ls ~"
I can run this script without any password typing, but after putting it inside a cron job, it always failed with:
Permission denied, please try again.
Received disconnect from ip_of_remote_host: 2: Too many authentication failures for myuser
Can anyone please tell me how to fix this issue?
Thanks a lot!
you need store SSH_AGENT_PID or SSH_AUTH_SOCK in a env file when your start ssh-agent, and source it in your ssh script,
Here is a script I used, grabbed from web long time ago.
SSH_ENV=$HOME/.ssh/environment
function start_agent {
echo "Initialising new SSH agent..."
/usr/bin/ssh-agent | sed 's/^echo/#echo/' > ${SSH_ENV}
echo succeeded
chmod 600 ${SSH_ENV}
. ${SSH_ENV} > /dev/null
ssh-add id_rsa
}
if [ -f "${SSH_ENV}" ]; then
. ${SSH_ENV} > /dev/null
ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
start_agent;
}
else
start_agent;
fi
run it manually if key is passphase protected, and it will store in the $HOME/.ssh/environment something like
SSH_AUTH_SOCK=/tmp/ssh-KldGwK6643/agent.6643; export SSH_AUTH_SOCK;
SSH_AGENT_PID=6644; export SSH_AGENT_PID;
in your crontab
. $HOME/.ssh/environment && ssh -A blabla
If your server rebooted, you need run the start_agent scrit manually again
You must set environment variable SSH_AUTH_SOCK on ssh client side in order to enable ssh-agent feature (where crontab doesn't set it for you).
*/x * * * * SSH_AUTH_SOCK=agent-sock-file ssh remote "command"
make sure the agent-sock-file exists when the crontab runs
Related
I'm trying to write a PowerShell script to test user permissions through SSH, the idea is to connect to a distant machine through ssh, then do su to another user and test if we have the permission to do so. I managed to connect to ssh, and send a su command, but the problem is that when I su, I no longer in control with session, so I get stuck into the su user, my question is there a way to solve this issue ?
Regards
Well, you could use the su command with the -c option, which will run a single command and then return (pick a simple command, like hostname). Thereafter you could check the $? variable. If 0, it worked. If non-zero, it failed.
However, if su prompts for a password, then your script is going to get stuck.
sudo, on the other hand, has both a "command" parameter and a "non interactive" parameter. Would sudo work for you?
# -n = Non Interactive
# -u = Username
# -s = Command to run
sudo -n -u root -s hostname
if [ $? == 0 ]; then echo "It worked"; else echo "No good"; fi
I am using VPN connection using SSL Network Extender(SNX) to connect to remote server. The connection from the remote server is limited to only 12 hours. After that the connection is being disconnected and have to restart the SNX server again. To overcome those hardship I am trying to automate SNX restart using crontab.
I have created one shell script file called vpn.sh.
#!/bin/bash
snx -d
sleep 3
echo 'password' | snx
I have config file call .snxrc inside home directory
server server.com
username username
reauth yes
Inside crontab (crontab -e) config I have
* */12 * * * bash /home/username/vpn.sh > /home/username/cron.log
It runs every 12 hours. But snx -d runs successfully but on reaching echo 'newpass6' | snx I am getting this error:
Failed to init terminal!
Any body encountered such issues? Please help me. I have been struggling for a week now. Thanks in advance.
I have followed this link to setup snx
Because snx client cannot start without a terminal. So i put in my script these commands to start snx in a byobu session.
byobu new-session -d -s vpn;
byobu new-window -t vpn:1 -n "snx" "echo your_password | snx -s your_ip -u your_user; sleep 10"
The approved answer doesn't work for me. It creates an empty tmux session with no command executed inside. So this is my way to do this task:
byobu-tmux new-session -d "echo <password> | nohup snx -s <host> -u <user>"
Only one command to make it work. nohup is required because snx process is going to the background and returning prompt. After that, tmux exits, and snx is not assigned to the terminal. Without nohup after tmux exits, the system will terminate the snx process.
I find myself needing to log into various servers, set environment variables, and then work interactively.
e.g.
$ ssh anvil
jla#anvil$ export V=hello
jla#anvil$ export W=world
jla#anvil$ echo $V $W
hello world
How can I combine the first few commands, and then leave myself at a prompt?
Something like:
$ ssh anvil --on-login 'export V=hello; export W=world;'
jla#anvil$ echo $V $W
hello world
Obviously this is a model problem. What I am really asking is 'how do I ssh to a different machine, run some commands, and then continue as if I'd run them by hand?'
Probably the simplest thing is:
$ ssh -t host 'cmd1; cmd2; sh -i'
If you want to set variables, do:
$ ssh -t host 'cmd1; cmd2; FOO=hello sh -i'
Note that this is a terrible hack, and you would be much better off putting your desired initial commands in a script and doing:
$ scp setup host:~
$ ssh host
host$ . setup
You could also use the following expect script:
#!/usr/bin/expect -f
spawn ssh $argv
send "export V=hello\n"
send "export W=world\n"
send "echo \$V \$W\n"
interact
Turns out this is answered by this question:
How can I ssh directly to a particular directory?
to ssh:
ssh -t anvil "export V=hello; export W=world; bash"
followed by:
jla#anvil$ echo $V $W
hello world
It is worth to note that ssh -t can actually be used to connect to one host via another host.
So for example if you want to execute a command on anvil, but anvil is only accessible from host gateway (by firewall etc.), you can do like this:
ssh gateway -t 'ssh anvil -t "export V=hello; export W=world;bash -l";'
Exiting the anvil, will also log you out of gateway (if you want to stay on gatway after leaving anvil than just add another bash -l before closing the command.
Another approach is to execute this beast (also gives me a colored shell):
ssh host -t "echo 'rm /tmp/initfile; source ~/.bashrc; cd foo/; git status' > /tmp/initfile; bash --init-file /tmp/initfile"
Lets assume the script i want to write ssh to 1.2.3.4 and then invokes
ls.
The problem is that when the line "ssh 1.2.3.4" is invoked, a password is
Required, hence, the flow is stopped, even when i fill the password,
The script wont continue.
How can i make the script continue after the password is given?
Thx!
You want to do public key authentication. Here are some resources which should get you going.
http://magicmonster.com/kb/net/ssh/auto_login.html
http://www.cs.rpi.edu/research/groups/vision/doc/auto/ssh/ssh_public_key_authentication.html
I would post a couple more links, but I don't have enough reputation points. ;) Just google on "SSH automated login" or "SSH public key authentication" if you need more help.
Actually you're trying to run ls locally but you have an ssh session opened. So it won't run ls until the session is opened. If you want to run ls remotely, you should use
ssh username#host COMMAND
Where command is the command you want to run. Ssh session will finish as soon as the command is invoked and you can capture its output normally.
I would suggest you to use RSA authentication method for script that needs ssh.
I just tried this script:
#!/bin/sh
ssh vps1 ls
mkdir temp
cd temp
echo test > file.txt
And it works. I can connect to my server and list my home. Then, locally, it creates temp dir, cd into it and then creates file.txt with 'test' inside.
write simple login bash script named login_to and give exec permissions (chmod 744 login_to)
#!/bin/bash
if [ $1 = 'srv1' ]; then
echo 'srv1-pass' | pbcopy
ssh root#11.11.11.11
fi
if [ $1 = 'foo' ]; then
echo 'barbaz' | pbcopy
ssh -t dux#22.22.22.22 'cd ~/somedir/someotherdir; bash'
fi
now use it like this
login_to srv1
login_to foo
When asked for password, just pate (ctrl+v or command+v) and you will be logged in.
I run a long script on a remote machine and I would like to hear a beep when the script ends. On my machine I can add at the end of the script:
echo -e '\a' > /dev/console
but this is not working on the remote machine which complains :
-bash: /dev/console: Permission denied
How to achieve this ?
You could run the script by passing it as a parameter to ssh and then echo the beep locally:
ssh user#host /path/to/script; echo -e '\a' > /dev/console
Perhaps you might use /dev/tty instead of /dev/console. (I don't know how ssh handle beeps, so maybe you should start a terminal emulator, e.g. ssh -X -f remotehost xterm).